Attempting to embarrass nation-states in hopes they’ll stop their cyberattacks on U.S. government and business systems is not working, according to U.S. and European national security officials and experts.
“Publicly calling out countries like Russia for supporting ransomware attacks is an important step, but naming and shaming only goes so far,” said John Dermody, a former U.S. government national security lawyer.
Teaming up with international partners to humiliate them “is an important first step,” said Dermody, who served at the Department of Defense, Department of Homeland Security and on the National Security Council, but the most important step, forcing them to stop, requires a lot more work.
Radek Sikorski, chairman of the European Union, USA Delegation in the European Parliament, said the relationship between Western nations, namely the U.S. and E.U., and China is complex, and it requires multifaceted solutions.
“We should collaborate with China where possible, compete when needed and confront when necessary,” said Sikorski.
On July 19, the Biden administration and dozens of U.S.-allied countries chose the confrontation option.
The White House released a statement saying, “The United States is deeply concerned that the People’s Republic of China has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.”
Identifying China as the culprit, according to Dermody, now a lawyer with the global firm O’Melveny, is the most significant part of the announcement, “because it’s letting the Chinese government know that this type of activity — that sort of broader ecosystem support — is not going to be tolerated. It’s going to be considered just as significant as if the Chinese government was conducting those activities.”
Despite the U.S. announcement, vulnerabilities, breaches and cyberattacks, too numerous to count, have continued to hit U.S. targets.
A Russian cybercriminal network known as REvil is one of the world’s biggest and most sophisticated. President Biden has spoken with Russian President Vladimir Putin about that and other similar actors, yet suspected Russian government-linked cyberattacks continue.
Underreporting and other issues make it difficult for U.S. government agencies to accurately determine how many cyberattacks have taken place this year, but a top U.S. cybersecurity official said the number is bigger than ever.
“Over probably the last eight months, we have seen cybersecurity incidents affecting organizations across this country, whether government agencies, critical infrastructure or small businesses, on an unprecedented scale and impact,” said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency.
The attacks are not just the work of sophisticated networks hired and deployed by large countries like Russia and China: Iran and North Korea have augmented their activities.
Additionally, independent criminal organizations are taking aim at the U.S. and its allies with increasingly capable and refined ransomware and other malware tools.
“Whether it is nation state-related intrusions, like the SolarWinds campaign or the recent spate of ransomware affecting critical infrastructure and other businesses across sectors, we are seeing significant cybersecurity risk affecting our country that necessitates that all organizations make investments in improving their security and resilience,” Goldstein said.
In order to make those improvements, it’s necessary to know what they’re up against, so in the case of China’s recent activities, the FBI, NSA and CISA released an advisory detailing 50 techniques and tactics linked to Chinese State-Sponsored Cyber Operations.
“By exposing the PRC’s malicious activity, we are continuing the administration’s efforts to inform and empower system owners and operators to act,” the White House said in its July 19 statement. “We call on private sector companies to follow the federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”
Companies and organizations WTOP spoke to that have been targeted with cyberattacks say it’s also important to know why they were targeted. Goldstein suggested that it depends, in part, on the motive of the attacker.
“Adversaries with various motivations, whether those motivations are espionage, financial or other, have determined that exploiting vulnerabilities in information technology are a fairly cost-effective way for them to achieve their goals,” said Goldstein.
He said the most effective way to stop it is “for us to change adversaries’ cost calculus. The more secure we can make the technologies that we are deploying, the more secure that we can make our networks across critical infrastructure.”
Dermody warns that recent attacks, including the costly assault on the Colonial Pipeline, have exposed just how vulnerable the nation is to ransomware. And while he urges companies to take advantage of newly available federal resources to combat hackers, he stresses that companies cannot wait for the government to eradicate the problem.
“The Biden administration’s decision to call out China is likely only the beginning of a new approach to address the escalating number of cyberattacks on Americans and U.S. government agencies, companies and organizations,” a U.S. intelligence source told WTOP.
The source said, however, “many of the actions, aside from sanctions and indictments, will take place out of the public’s view.”
Four Chinese nationals with China’s Ministry of State Security were charged in the U.S. on July 19 with a global computer intrusion campaign. Aside from that, there has been no other public action taken against China.